From owner-freebsd-questions Fri Aug 27 5:42:32 1999 Delivered-To: freebsd-questions@freebsd.org Received: from dax.rworld.org (c56836-a.wntck1.sfba.home.com [24.5.31.188]) by hub.freebsd.org (Postfix) with ESMTP id 42E7A14D83 for ; Fri, 27 Aug 1999 05:42:30 -0700 (PDT) (envelope-from r3mdh@dax.rworld.org) Received: (from r3mdh@localhost) by dax.rworld.org (8.9.3/8.9.3) id FAA06329 for freebsd-questions@freebsd.org; Fri, 27 Aug 1999 05:42:24 -0700 (PDT) (envelope-from r3mdh) Date: Fri, 27 Aug 1999 05:42:24 -0700 From: "Michael D. Harlan" To: freebsd-questions@freebsd.org Subject: syslog - logging to remote machine Message-ID: <19990827054224.A6165@rworld.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm having some trouble getting syslog to do what I want it to do. I've consulted the archives of this mailing list and nothing clearly spells out how to log to a remote machine (even a search on syslog.auth returns 0 results). Several books only briefly mention that syslog is "something that logs...we think". :) Here's what I would like to do and what I *think* needs to be done (although nothing below has worked for me): We have a machine called "barney" and a machine called "andy". andy is the head honcho on our domain, so we'd like all of andy's _and_ all of barney's logs to go on andy: -------- ---------- | andy | | barney | -------- ---------- | | v v ---------- ---------- | syslog | | syslog | ---------- ---------- | | |----------------- || vv ------------- ------------- | local log | | local log | ------------- ------------- First of all, I assume we're going to need some firewall modifications made to ipfw. What port does syslogd use to log it's messages to the remote machine? Also, TCP or UDP? or both? Now, I've read in a couple of places (but not everywhere) that we'll need a file called /etc/syslog.auth on andy. No where have I seen the syntax of this file. Am I correct to assume it's: [andy:/etc/syslog.auth] barney and that's it? Now, the systax for syslog.conf...is this all I need?: [barney:/etc/syslog.conf] *.notice;kern.debug;lpr.info;mail.crit;news.err @andy Should there be any changes to andy's /etc/syslog.conf? How can I have andy tell which logs are HIS and which are BARNEY'S? (Example: if I want andy's messages to be written to /var/log/messages.andy and barney's written to /var/log/messages.barney) Then, I assume a kill -HUP syslogd is required on both machines to see the changes. Now, keep in mind, none of the above has worked for me. What am I doing wrong here? I appreciate your help, more than you know. I am temporarily off of this mailing list while in clean out my mailboxes, so if you could CC: me on the reply, I would be forever endebtted to you. Thank you!, Mike -- Mike Harlan (r3mdh@rworld.org) http://www.rworld.org/~r3mdh/ http://www.rworld.org/ http://linksdepot.rworld.org/ http://browns.rworld.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message